The future of access control: Attributes, automation, and adaptation

Abstract

Access control has been and will always be one of the center pieces of cyber security. This talk will focus on three necessary characteristics of access control in future systems: attributes, automation, and adaptation. Future access control policies will be built around attributes, which are properties of relevant entities, so they can apply to large numbers of entities while being fine-grained at the same time. This transition to attribute-based access control has been in process for about two decades and is approaching a major inflection point. Automation and adaptation, however, are newer concepts. Automation seeks to break away from requiring human users to configure access control policies, by delegating more of the routine tasks to smart software. Adaptation recognizes that access control must adjust as circumstances change. This talk will speculate on a future built around these three synergistic elements and on the research and technology challenges in making this vision a reality.